nginx tcp proxy <备忘>

Nginx tcp 代理功能由nginx_tcp_proxy_module模块提供，同时检测后端主机状态。该模块包括的模块有：ngx_tcp_module, ngx_tcp_core_module, ngx_tcp_upstream_module, ngx_tcp_proxy_module, ngx_tcp_upstream_ip_hash_module。

下载nginx_tcp_proxy_module: https://github.com/yaoweibin/nginx_tcp_proxy_module

安装和配置细节看README文件

tcp {
upstream cluster {
# simple round-robin
server 192.168.111.46:8888;
server 192.168.111.46:8889;
check interval=3000 rise=2 fall=5 timeout=1000;
#check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello;
#check interval=3000 rise=2 fall=5 timeout=1000 type=http;
#check_http_send "GET / HTTP/1.0\r\n\r\n";
#check_http_expect_alive http_2xx http_3xx;
}
server {
listen 8080;
proxy_pass cluster;
}
}

这样配置会出现一个问题，就是tcp连接会掉线。原因在于当服务器关闭链接的时候，客户端不可能立刻发觉连接已经关闭，需要等到当Nginx在执行check规则时认为服务端连接关闭，此时nginx会关闭与客户端的连接。

保持连接配置：

tcp {
timeout 1d;
proxy_read_timeout 10d;
proxy_send_timeout 10d;
proxy_connect_timeout 30;    #timeout milliseconds
upstream cluster {
# simple round-robin
server 192.168.111.46:8888;
server 192.168.111.46:8889;
check interval=3000 rise=2 fall=5 timeout=1000;
#check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello;
#check interval=3000 rise=2 fall=5 timeout=1000 type=http;
#check_http_send "GET / HTTP/1.0\r\n\r\n";
#check_http_expect_alive http_2xx http_3xx;
}
server {
listen 8080;
proxy_pass cluster;
so_keepalive on;
tcp_nodelay on;
}
}

'''
so_keepalive: The same as so_keepalive <With this directive you can set the socket SO_KEEPALIVE option for the client connection to Nginx.>
tcp_nodelay: The same as tcp_nodelay <这些数据之间不存在延迟,解决网络阻塞，极大地有益于WWW、FTP以及文件服务器的性能>
nginx_tcp_proxy_module模块指令具体参见: http://yaoweibin.github.io/nginx_tcp_proxy_module/README.html '''

使用nginx代理ftp：
只需修改proxy_pass就可以了：
tcp {
timeout 1d;
proxy_read_timeout 10d;
proxy_send_timeout 10d;
proxy_connect_timeout 30;
upstream ftp {
server 192.168.111.46:21;
check interval=3000 rise=2 fall=5 timeout=1000;
}
server {
listen 8080;
proxy_pass ftp;
so_keepalive on;
tcp_nodelay on;
}

$ nginx -s reload

测试：